Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 1 Question 47 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 47
Topic #: 1
[All SCS-C02 Questions]

[Infrastructure Security]

A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password.

Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, E, E

AWS Secrets Manager is a service that helps you manage, retrieve, and rotate secrets such as database credentials, API keys, and other sensitive information. By configuring automatic rotation of credentials in AWS Secrets Manager, you can ensure that your secrets are changed regularly and securely, without requiring manual intervention or application downtime.You can also specify the rotation frequency and the rotation function that performs the logic of changing the credentials on the database and updating the secret in Secrets Manager1.


by Clay at Jul 04, 2025, 05:04 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cordelia
3 months ago
Definitely agree with using Secrets Manager for this.
upvoted 0 times
...
Denny
3 months ago
I think D is better for managing access securely.
upvoted 0 times
...
Lizbeth
3 months ago
Not sure if catching connection failures is the best approach...
upvoted 0 times
...
Arlyne
4 months ago
Surprised that people still hard-code credentials!
upvoted 0 times
...
Barrett
4 months ago
Option C is a solid choice for automatic rotation!
upvoted 0 times
...
Ettie
4 months ago
I vaguely recall that catching connection failures in the Java app to retrieve new credentials is a valid approach, but I’m unsure if it’s the best method compared to the others listed.
upvoted 0 times
...
Georgiann
4 months ago
I practiced a similar question where we had to choose between encrypting credentials and using Secrets Manager. I feel like option C is definitely a strong choice for automatic rotation.
upvoted 0 times
...
Arminda
4 months ago
I think storing credentials in AWS Systems Manager Parameter Store is a good option, but I’m a bit confused about whether it requires a scheduled job for updates or if it can be done automatically.
upvoted 0 times
...
Isreal
5 months ago
I remember something about using AWS Secrets Manager for credential rotation, but I'm not sure if it automatically updates the application without a restart.
upvoted 0 times
...
Haydee
5 months ago
Yep, that's the right approach. I'd go with option E - configuring the Java app to catch the connection failure and fetch the updated credentials from Secrets Manager. That way, the app doesn't need to be restarted or redeployed when the credentials are rotated.
upvoted 0 times
...
Leonie
5 months ago
Okay, I think I've got a strategy here. The key is to avoid hard-coding the credentials in the application and instead use a service like Secrets Manager or Parameter Store to dynamically retrieve the credentials. That way, when they're rotated, the application can automatically pick up the new ones.
upvoted 0 times
...
Catalina
5 months ago
Hmm, I'm a bit confused by all the different AWS services mentioned. I'll need to review the details of each one to understand how they can be used to protect the credentials and minimize downtime.
upvoted 0 times
...
Desirae
5 months ago
This looks like a good question to test our understanding of credential management and rotation in a cloud environment. I think the key is to find a solution that securely stores the credentials and allows for easy rotation without disrupting the application.
upvoted 0 times
...
Sarina
7 months ago
That's a good point, Rosina. Option D does seem like a secure way to handle credentials as well.
upvoted 0 times
...
Jonelle
7 months ago
C and E, all the way! I bet the engineer who came up with this question is a secret superhero in disguise. They really know their stuff.
upvoted 0 times
Pura
6 months ago
Definitely! Those options seem like the best way to protect credentials and minimize downtime.
upvoted 0 times
...
Melodie
6 months ago
E) Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.
upvoted 0 times
...
Mariann
7 months ago
C) Configure automatic rotation of credentials in AWS Secrets Manager.
upvoted 0 times
...
...
Rosina
7 months ago
I'm not sure about option C. I think option D could also be a good choice since it involves storing the credential in an encrypted parameter.
upvoted 0 times
...
Marget
7 months ago
Wait, we're supposed to choose two options? I was just going to go with E and call it a day. Guess I should read the question more carefully next time.
upvoted 0 times
...
Mari
8 months ago
This question is a piece of cake! C and E are the obvious choices. Gotta love that AWS Secrets Manager, makes life so much easier.
upvoted 0 times
Bok
7 months ago
A: Definitely, AWS Secrets Manager is a game changer. So convenient for rotating credentials.
upvoted 0 times
...
...
Billy
8 months ago
A and D seem promising. Encrypting the creds and storing them securely, then granting the EC2 instance access, sounds like a solid approach.
upvoted 0 times
Arminda
7 months ago
Configuring the Java application to retrieve updated credentials from Secrets Manager when the password is rotated can help minimize downtime and enhance security.
upvoted 0 times
...
Arlette
7 months ago
A and D are indeed good options. Encrypting the credentials and storing them securely is crucial for protecting sensitive information.
upvoted 0 times
...
...
Kimberlie
8 months ago
I'd go with C and E. Automating credential rotation and dynamically retrieving updated creds from Secrets Manager is the way to go. No more hard-coded passwords to worry about!
upvoted 0 times
Alesia
7 months ago
User 2
upvoted 0 times
...
Alpha
7 months ago
User 1
upvoted 0 times
...
...
Vesta
8 months ago
I agree with Sarina. Option C seems like the most secure and efficient way to handle credential rotation.
upvoted 0 times
...
Sarina
8 months ago
I think option C is the best choice because it allows for automatic rotation of credentials.
upvoted 0 times
...

Save Cancel